1. Field of the Invention
The present invention relates generally to the field of Universal Plug and Play (UPnP) home network system, and more particularly to a method and system for providing security for UPnP operations in a home network environment based on ownership rights.
2. Description of the Related Art
Universal plug and play (UPnP) is a set of computer network protocols promulgated by the UPnP forum. The goals of UPnP are to allow access to connect seamlessly and to simplify implementation of networks (e.g., data sharing, communications, and entertainment) within homes and corporate environments. These goals are achieved by defining and publishing UPnP device control protocols built upon open, Internet-based communication standards.
The UPnP technology can cater to a wide range of devices in a home network. The UPnP provides discovery, control and event related mechanisms. Discovery is enabled using a Simple Service Discovery Protocol (SSDP) protocol. Event mechanisms follow the General Event Notification Architecture (GENA) protocol. Using these technologies, UPnP makes availability and unavailability of the UPnP devices on the fly to the other devices in the UPnP home network.
UPnP architecture allows peer-to-peer networking of Personal Computers (PCs), networked appliances, and wireless devices. It is distributed, open architecture based on established standards such as Transport Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP) and eXtended Mark-up Language (XML). The UPnP architecture supports zero configuration networking. For example, an UPnP compatible device from any vendor can dynamically join a network, obtain an IP address, announce its name, convey its capabilities upon request, and learn about the presence and capabilities about other devices. On the other hand, the UPnP devices can leave the UPnP home network automatically without leaving any unwanted state information on the network.
The foundation for UPnP networking is Internet Protocol (IP) addressing. Each UPnP device includes a Dynamic Host Configuration Protocol (DHCP) client which searches for a DHCP server when the UPnP device is first connected to the UPnP network. If no DHCP server is available, the UPnP device assigns itself an address. If during the DHCP transaction, the UPnP device obtains a domain name, for example, through a Domain Name System (DNS) server or via DNS forwarding, the UPnP device uses that name in subsequent network operations, otherwise the UPnP device uses its IP address.
UPnP defines device protection service as a generic security solution which can be used by all services defined in the UPnP. A device protection service defines concept of roles. All control points or control devices are assigned different roles, namely public, basic and admin for performing UPnP actions. Different DCPs and Vendors are free to extend these set of roles. However, the device protection service defines access control based only on actions and not on resources. In other words, the current device protection service fail to provide access control based on resources like Deployment Unit (DU), Execution Unit (EU) and Diagnostic tests (e.g., Ping, Traceroute, etc.).
Therefore, there exist a need to provide access control to different control points for performing an UPnP action (e.g., install action, uninstall action, start action, stop action, ping action and so on) based on ownership information associated with resources on which the UPnP action is invoked. That is, access control decisions are taken based on which control point is the owner of a resource.